Skip to content

feat: add injectable LoggerSanitizer to mask sensitive data in logs #16771

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ndoschek wants to merge 3 commits into
base: master
Choose a base branch
from
Open

feat: add injectable LoggerSanitizer to mask sensitive data in logs #16771

ndoschek wants to merge 3 commits into from

Conversation

@ndoschek
Copy link
Member

@ndoschek ndoschek commented Dec 18, 2025
edited
Loading

What it does

Introduce LoggerSanitizer service that automatically masks credentials in log messages to prevent sensitive data leakage (e.g., proxy URLs with username:password, api keys).

  • Add LoggerSanitizer interface and DefaultLoggerSanitizer implementation
  • Integrate sanitizer into Logger.format()
  • Provide a base set of sanitization rules to mask any URL protocol with credentials, api keys and authtokens
  • Make sanitizer injectable and optional
  • Add unit test cases

How to test

  • add a proxy env variable either on cli or via the launch config, e.g. "HTTP_PROXY": "http://myusername:[email protected]:8080"
  • start an example application with loglevel debug (e.g. via npm run start:debug or via the launch configs)
    • for additional test cases open the user settings file, close the applicaiton and inspect the 'fireDidChangeContent' logs on startup (contains api keys/authtokens if stored in user settings)
  • optional: add "--log-file=example.log" to make log inspection easier
  • verify that the url containing the logged credentials/api keys/auth tokens have been masked, e.g. "HTTP_PROXY": "http://****:****@proxy.example.com:8080"

Follow-ups

Breaking changes

  • This PR introduces breaking changes and requires careful review. If yes, the breaking changes section in the changelog has been updated.

Attribution

Contributed on behalf of STMicroelectronics

Review checklist

Reminder for reviewers

@github-project-automation github-project-automation bot moved this to Waiting on reviewers in PR Backlog Dec 18, 2025
@ndoschek ndoschek force-pushed the nd/logger-sanitizer branch from e91eee0 to c50f963 Compare December 18, 2025 15:32
@ndoschek ndoschek requested a review from sdirix December 18, 2025 16:48
@ndoschek ndoschek force-pushed the nd/logger-sanitizer branch from c50f963 to f61b65c Compare December 19, 2025 13:52
@ndoschek
feat: add injectable LoggerSanitizer to mask sensitive data in logs
803d552 
Introduce LoggerSanitizer service that automatically masks credentials in log messages to prevent sensitive data leakage (e.g., proxy URLs with username:password, api keys).

- Add LoggerSanitizer interface and DefaultLoggerSanitizer implementation
- Integrate sanitizer into Logger.format()
- Provide a base set of sanitization rules to mask any URL protocol with credentials, api keys and authtokens
- Make sanitizer injectable and optional
- Add unit test cases

Contributed on behalf of STMicroelectronics
@ndoschek ndoschek force-pushed the nd/logger-sanitizer branch from f61b65c to 803d552 Compare December 22, 2025 12:36
@ndoschek ndoschek changed the title feat: add injectable LoggerSanitizer to mask credentials in logs feat: add injectable LoggerSanitizer to mask sensitive data in logs Dec 22, 2025
@ndoschek ndoschek removed the request for review from sdirix January 7, 2026 14:41
@ndoschek ndoschek marked this pull request as ready for review January 7, 2026 14:43
CamilleLetavernier
CamilleLetavernier reviewed Jan 9, 2026
View reviewed changes
packages/core/src/common/logger.ts
const sanitized = this.sanitize(stringified);
return JSON.parse(sanitized);
} catch {
return value;
Copy link
Contributor

@CamilleLetavernier CamilleLetavernier Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we have two distinct try/catch here, to return sanitize if we successfully parsed value, but failed to parse the sanitized value?

Copy link
Member Author

@ndoschek ndoschek Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, thanks! I added an inner try/catch to return the sanitized string if parsing fails, along with a test case to cover this scenario too.

CamilleLetavernier
CamilleLetavernier approved these changes Jan 9, 2026
View reviewed changes
Copy link
Contributor

@CamilleLetavernier CamilleLetavernier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, looks good to me!

@github-project-automation github-project-automation bot moved this from Waiting on reviewers to Needs merge in PR Backlog Jan 9, 2026
CamilleLetavernier
CamilleLetavernier reviewed Jan 9, 2026
View reviewed changes
packages/core/src/common/logger-sanitizer.ts Outdated
* Capture groups: $1=protocol, $2=username, $3=password, $4=host (with optional port)
*/
pattern: /([a-z][a-z0-9+.-]*:\/\/)([^:/@]+):([^:/@]+)@([^/:@\s]+(?::\d+)?)/gi,
pattern: /([a-z][a-z0-9+.-]+:\/\/)([^:/@]+):([^:/@]+)@([^/:@\s]+(?::\d+)?)/giu,
Copy link
Contributor

@CamilleLetavernier CamilleLetavernier Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think '*' is better in this case, as we already check [a-z] first (so a:// would be a valid protocol)

[a-z][a-z0-9+.-]+: one letter followed by at least one alphanumeric character (so at least 2 characters) ❌
[a-z][a-z0-9+.-]*: one letter, optionally followed by alphanumeric characters (so at least 1 character) ✔️

@ndoschek ndoschek force-pushed the nd/logger-sanitizer branch from 143f286 to d32d880 Compare January 9, 2026 14:44
CamilleLetavernier
CamilleLetavernier approved these changes Jan 9, 2026
View reviewed changes
Copy link
Contributor

@CamilleLetavernier CamilleLetavernier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@CamilleLetavernier CamilleLetavernier CamilleLetavernier approved these changes

Assignees

No one assigned

Labels

None yet

Projects

PR Backlog
Status: Needs merge

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ndoschek @CamilleLetavernier